The following tutorial will show you how to enable your web application for Open ID to let your users log in without having to remember yet another password.

1. Get your Open ID

The first step is to have an Open ID to use to test your sign-on. If you already have an Open ID or are signed up for a site that gives you one, then you are all set. Otherwise, sign up at a provider such as www.myopenid.com and get your own Open ID URL.

2. Download the PHP class

We will use a PHP class in order to simplify the process of communicating with the Open ID provider. The class we are going to use is the Simple Open ID Class that is available from www.phpclasses.org/browse/package/3290.html. The version of the class we have used is available in the code sample, however, if you are going to use this in a live application, check the site for any updates to it. In the zip that you have downloaded, the file you will need is class.openid.v2.php. Save this into your site, naming it anything you like.

3. Create a form

In a new PHP file, add a form; all we need is a field for the user to enter their Open ID URL and a Submit button. Set the form to post back to itself for this example. We’ve also added a link to myopenid.com so the user can go and get an Open ID if they don’t have one yet.

<form action=”index.php” method=”post”>

<h1>Login with your openID</h1>

<div>

<div><label for=”openid”>Your OpenID</label><input

ype=”text” name=”openid_url” id=”openid” class=”text” />

<input type=”submit” name=”login” value=”Login” class=”btn”

/></div>

<p><a href=”http://www.myopenid.com/”>Get an OpenID</a></p>

</div>

</form>

4. Posting the form

We now need to deal with what happens when the user posts the form containing their Open ID. At the very top of this script inside PHP tags, include the class we downloaded earlier and create a new instance of that class.

require(‘class.openid.v2.php’);

if ($_POST) {

$openid = new OpenIDService();

5. Set up the request

In addition to checking whether the user is valid, we can ask the Open ID server to send us back some information about the user, such as their email address, full name and gender. The user needs to have already entered this information into their profile and agree to send it to you when they get to the Open ID site. The following lines of code set the user’s identity (this is the URL they entered into the text box), the site that is asking to be authorised, some required fields that we need and some optional fields.

$openid->SetIdentity($_POST[‘Open ID_url’]);

$openid->SetTrustRoot(‘http://’ . $_SERVER[“HTTP_HOST”]);

$openid->SetRequiredFields(array(‘email’,’fullname’));

$openid->SetOptionalFields(array(‘dob’,’gender’,’country’));

6. Redirect to the Open ID provider

We redirect out to the provider setting, the URL that we want the user to be brought back to after completing their sign-on process. In our case, that is this same script we are posting out from but you might also have a different script to handle logins in a full application. If anything goes wrong at this stage, just write out the error information to variables so we can see what happens.

if ($Open ID->GetOpenIDServer()){

$openid->SetApprovedURL(‘http://’ . $_SERVER[“HTTP_

HOST”] . $_SERVER[“PATH_INFO”]);

$openid->Redirect();

}else{

$error = $openid->GetError();

$error_code = $error[‘code’] ;

$error_string = $error[‘description’];

}

}

7. Testing the redirect

You should now be able to enter your Open ID into your form and be taken to the Open ID server to perform the login. After logging in, the server will let you decide whether to authorise this site once, always or cancel the request. We can also choose what information we send back to this site.

8. After login

If you allow the authorisation on the Open ID server, you should find yourself back at your script. In the address, there will be a query string containing information sent back from the Open ID server. This information will inform us whether the login was successful and if it gives us some information about the user.

9. Checking for successful authentication

The below code goes after the closing bracket of the if statement, checking to see if we have a Post. It runs when the user is redirected back from the Open ID server. If we have the parameter openid_mode in our Get, then we check to see if it has a value of id_res. This means that we have an authentication. The first thing to do is to create a new instance of the Open ID object to check that this really is a valid user and not just someone forming a correct query string to try and log into our site. We do this using the ValidateWithServer method, which will return true or false. Put that value into a variable to check.

elseif($_GET[‘openid_mode’] == ‘id_res’){

$showform = false;

$openid = new OpenIDService();

$openid->SetIdentity($_GET[‘openid_identity’]);

$openid_validation_result = $openid->ValidateWithServer();

10. A valid login

If our variable $openid_validation_result is equal to true, then we have a valid login – hooray! Now we can do whatever we want to do with the information we get back from the server. In our case, we are just going to get the details from the Get and write them out into variables. If you were integrating Open ID into your site authentication, you would now insert this information into your database and continue exactly as if you had authorised using a username and password on your own site – except that you don’t need to worry about storing passwords. We are setting a variable named ‘status’ to VALID so that we can check this later on our page when we display the result of the authentication.

if ($openid_validation_result == true) {

//get the users details from the GET

$country = $_GET[openid_sreg_country];

$dob = $_GET[openid_sreg_dob];

$email = $_GET[openid_sreg_email];

$fullname = $_GET[openid_sreg_fullname];

$gender = $_GET[openid_sreg_gender];

$identity = $openid->GetIdentity();

$error_code = ‘’;

$error_string = ‘’;

$status = ‘VALID’;

}

11. Dealing with errors

We need to deal with any errors that might occur, such as an invalid authorisation or some error generated by the server. If we write these to variables, we can find out what happened. In a live site, you need to make sure your user knows what to do if the error is caused by an incorrect login. You might also want to log errors to a database table or text file so you can see if anything is happening often. If the error has been caught by the object, then it can be retrieved with the GetError() method that returns an array.

elseif($openid->IsError() == true){

$error = $openid->GetError();

$error_code = $error[‘code’];

$error_string = $error[‘description’];

$status = ‘ERROR’;

}else{

$error_code = ‘’;

$error_string = ‘INVALID AUTHORIZATION’;

$status = ‘INVALID’;

}

12. User cancelled request

If you deny the authorisation on the Open ID server, then the value of openid_mode will be ‘cancel’. In this situation, the user has cancelled the request and so you cannot then log in. You would need to give the user some information in this situation, perhaps giving them contact details if they have concerns about the information that you want to access.

else if ($_GET[‘openid_mode’] == ‘cancel’){

$showform = false;

$error_string = ‘USER CANCELLED REQUEST’;

$error_code = ‘’;

$status = ‘CANCELLED’;

}

13. Showing the information

For the purposes of this article, we will just display the information that has been returned – or the error message generated – so you can see that the login has worked. At the top of your script (just below the include of the class), add $showform = true;. Then wrap the form in your page with an if statement checking for $showform.

<?php

if($showform) {

?>

<form action=”index.php” method=”post”>

<h1>Login with your Openid</h1>

<div>

<div><label for=”openid”>Your OpenID</label><input

type=”text” name=”openid_url” id=”openid” class=”text” />

<input type=”submit” name=”login” value=”Login” class=”btn” /></div>

<p><a href=”http://www.myopenid.com/”>Get an OpenID</a></p>

</div>

</form>

<?php

}

?>

14. Display the returned information

If our status variable is set to Valid, then we have the user details. Echo them out to the page as proof of the successful authentication.

15. Error display

The following code will print out the error messages that have been received. These messages are more for debug purposes, so don’t forget to display more friendly and helpful error messages to your users, in case they are having problems logging in.

About Hassan Bawab

Hassan Bawab is the founder and CEO of Magic Logix, a Dallas, Texas based agency specializing in customized marketing automation solutions for businesses worldwide.
Mr. Bawab is a trusted resource in the industry and often spends his free time as a consultant for Top 1000 Fortune companies. He has been honored as a guest lecturer at global events and conferences, and locally at The University of North Texas, The University of Texas at Dallas, and Southern Methodist University. He is the author of How to Work with a Digital Marketing Agency and has written numerous articles on automation technology that have become industry dogmas.
Mr. Bawab holds degrees in Computer Science, Mathematics, Technical Writing and Marketing, in addition to several marketing and programming certifications.

7 Responses to “Implementing signon using Open ID login, PHP and MySQL”